Anti-Malware Security and Brute-Force Firewall

Description

Run a Complete Scan to automatically remove known security threats and backdoor scripts.

Firewall blocks SoakSoak and other malware from exploiting known vulnerabilities in Revolution Slider and other plugins.

Upgrade vulnerable versions of timthumb scripts.

Download Definition Updates to protect against new threats.

Premium Features:

Patch your wp-login and XMLRPC to block Brute-Force and DDoS attacks.

Check the integrity of your WordPress Core files.

Automatically download new Definition Updates when running a Complete Scan.

Updated February 19th

Register this plugin at GOTMLS.NET and get access to new definitions of “Known Threats” and added features like Automatic Removal, plus patches for specific security vulnerabilities like old versions of timthumb. Updated definition files can be downloaded automatically within the admin once your Key is registered. Otherwise, this plugin just scans for “Potential Threats” and leaves it up to you to identify and remove the malicious ones.

NOTICE: This plugin makes calls to GOTMLS.NET to check for updates, not unlike what WordPress does when checking your plugins and themes for new versions. Staying up-to-date is an essential part of any security plugin, and this plugin can let you know when there are new plugin and definition updates available. If you’re allergic to “phone home” scripts then don’t use this plugin (or WordPress at all for that matter).

Special thanks to:

Clarus Dignus for design suggestions and graphic design work on the banner image.

Jelena Kovacevic and Andrew Kurtis of webhostinghub.com for providing the Spanish translation.

FAQ

Activate the plugin through the ‘Plugins’ menu in your WordPress Admin.

Register on gotmls.net and download the newest definition updates to scan for Known Threats.

Why should I register?

If you register on GOTMLS.NET you will have access to download definitions of New Threats and added features like automatic removal of “Known Threats” and patches for specific security issues like old versions of timthumb and brute-force attacks on wp-login.php. Otherwise, this plugin only scans for “Potential Threats” on your site; it would then be up to you to identify the good from the bad and remove them accordingly.

How do I patch the Revolution Slider vulnerability?

Easy: if you have installed and activated this Anti-Malware plugin on your site, then it will automatically block attempts to exploit the Revolution Slider vulnerability.

How do I patch the wp-login vulnerability?

The WordPress Login page is susceptible to a brute-force attack (just like any other login page). These types of attacks are becoming more prevalent these days and can sometimes cause your server to become slow or unresponsive, even if the attacks do not succeed in gaining access to your site. This plugin can apply a patch that will block access to the WordPress Login page whenever this type of attack is detected. Just click the Install Patch button under Brute-force Protection on the Anti-Malware Setting page. For more information on this subject read my blog.

Why can’t I automatically remove the “Potential Threats” in yellow?

Many of these files may use eval and other powerful PHP functions for perfectly legitimate reasons, and removing that code from the files would likely cripple or even break your site, so I have only enabled the Auto remove feature for “Known Threats”.

How do I know if any of the “Potential Threats” are dangerous?

Click on the linked filename to examine it, then click each numbered link above the file content box to highlight the suspicious code. If you cannot tell whether or not the code is malicious, just leave it alone or ask someone else to look at it for you. If you find that it is malicious, please send me a copy of the file so that I can add it to my definition update as a “Known Threat”; then it can be automatically removed.
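The split between auto-removable “Known Threats” and review-only “Potential Threats” described in the two answers above can be shown with an added example; it is not the plugin's code. The marker signature, the heuristic function list and the sample files are all constructed assumptions.

```python
import re

# Constructed stand-in for a definition entry: an exact byte sequence that is
# only ever malicious. Real definition updates are not reproduced here.
KNOWN_THREATS = {"constructed-marker-1": b"/*CONSTRUCTED-KNOWN-THREAT*/"}

# Heuristic list (an assumption): powerful PHP calls that legitimate code also uses.
POTENTIAL = re.compile(rb"\b(eval|create_function|base64_decode|gzinflate)\s*\(")


def scan(content: bytes) -> dict:
    """Classify one file and list the numbered spots a reviewer should inspect."""
    for name, signature in KNOWN_THREATS.items():
        if signature in content:
            # Exact definition match: the snippet can be cut out, rest of file kept.
            cleaned = content.replace(signature, b"")
            return {"verdict": "known", "name": name, "cleaned": cleaned, "hits": []}
    hits = [(n, m.start(), m.group(1).decode())
            for n, m in enumerate(POTENTIAL.finditer(content), start=1)]
    verdict = "potential" if hits else "clean"
    # Heuristic hits are reported for manual review and never auto-removed.
    return {"verdict": verdict, "name": None, "cleaned": None, "hits": hits}


# Constructed sample files.
SAMPLES = {
    "template-engine.php": b"<?php $code = compile($tpl); eval('?>' . $code); ?>",
    "footer.php": b"<?php /*CONSTRUCTED-KNOWN-THREAT*/ echo 'footer'; ?>",
    "index.php": b"<?php echo 'hello'; ?>",
}

if __name__ == "__main__":
    for path, body in SAMPLES.items():
        print(path, scan(body))
```

The template file uses eval legitimately, so it is only flagged with a numbered hit and left untouched, while the file containing the exact definition match is cleaned without losing its remaining code.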

What if the scan gets stuck part way through?

First, just leave it for a while. If there are a lot of files on your server it could take quite a while and could sometimes appear to not be moving along at all, even if it really is working. If it still seems stuck after a while, then try running the scan again. Be sure you try both the Complete Scan and the Quick Scan.

How did I get hacked in the first place?

First, don’t take the attack personally. Lots of hackers routinely run automated scripts that crawl the internet looking for easy targets. Your site probably got hacked because you are unknowingly an easy target. This might be because you are running an older version of WordPress or have installed a Plugin or Theme with a backdoor or known security vulnerability. However, the most common type of infection I see is cross-contamination. This can happen when your site is on a shared server with other exploitable sites that got infected. In most shared hosting environments it’s possible for hackers to use one infected site to infect other sites on the same server, sometimes even if the sites are on different accounts.

What can I do to prevent it from happening again?

There is no sure way to protect your site from every kind of hack attempt. That said, don’t be an easy target. Some basic steps should include: hardening your password, keeping all your sites up-to-date, and running regular scans with Anti-Malware software like GOTMLS.NET.

Why does sucuri.net or the Google Safe Browsing Diagnostic page still say my site is infected after I have removed the malicious code?

sucuri.net caches their scan results and will not refresh the scan until you click the small link near the bottom of the page that says “Force a Re-scan” to clear the cache. Google also caches your infected pages and usually takes some time before crawling your site again, but you can speed up that process by Requesting a Review in the Malware or Security section of Google Webmaster Tools. It is a good idea to have a Webmaster Tools account for your site anyway as it can provide lots of other helpful information about your site.

Despite good security, problems seem to get through the defenses. This plugin has worked extremely well, catching and removing both real viruses and extraneous junk that some other plugins create. The program takes a while to run, but I regularly run it in the background on all 8 websites I have…and it often picks up new problems. It works well enough that I “donate” yearly what a “paid” plugin would cost…around $100. Worth it.